Contents
What is Single Sign-On and how does it work
Single Sign-On (SSO) is a user authentication and session service that enables individuals to utilize a single set of login credentials, such as a username and password, to access multiple applications. This functionality is applicable to enterprises, small and midsize organizations, and individuals, streamlining the management of numerous credentials.
In a basic web Single Sign-On (SSO) service, an agent module located on the application server retrieves the specific authentication credentials for a user from an assigned SSO policy server. Simultaneously, the user's authentication against a user repository, such as a Lightweight Directory Access Protocol directory, takes place. The service verifies the end user's identity across all applications they have permission to access, eliminating the necessity for additional password prompts for individual applications during the same session.
OAuth functions as an intermediary on behalf of the end user, providing the service with an access token that authorizes the sharing of specific account information. When a user attempts to access an application from the service provider, a request is sent to the identity provider for authentication. Following this, the service provider validates the authentication and finalizes the user login process.
Types of Single Sign-On providers that Inspera supports
Inspera supports SAML 2.0 and OpenID Connect (OIDC) as standard integrations for SSO for both admin and candidate users. The following list shows examples of providers associated with the standard integrations Inspera supports (SAML 2.0 and OIDC):
- SAML 2.0
- FeideID
- Microsoft ADFS
- Skolfederation
- Shibboleth (also with eduGAIN)
- OpenID Connect (OIDC)
- Microsoft ADFS
- Shibboleth
- ID-porten (Norway only)
As a customer, you can select whether you would like SSO for admin users and/or candidates only.
For more information on how to set up the different SSO types, please refer to the following articles: